Default FTP Firewall Support Settings <firewallSupport>

Overview

The <ftpServer/firewallSupport> element of the <siteDefaults> element is used to configure the way that the FTP service works with firewalls by default.

This element allows server administrators to configure the external address of the firewall that the FTP service will send to FTP clients when passive connections are being used.

When passive connections are negotiated using the FTP PASV command, the FTP server sends a response which contains IP address and port of the server. By specifying the externalIp4Address attribute, you can direct FTP clients to communicate with your firewall, which should route the client traffic to your FTP server. By specifying an external IP address for your firewall per-site, this allows you to route the firewall traffic for each FTP site through a different firewall.

Note: While the external IP address can be configured per-site, you can also specify the data channel port range that the FTP service will use in the global <system.ftpServer/firewallSupport> element.

Compatibility

Version

IIS 8.5

The <firewallSupport> element was not modified in IIS 8.5.

IIS 8.0

The <firewallSupport> element was not modified in IIS 8.0.

IIS 7.5

The <firewallSupport> element of the <ftpServer> element ships as a feature of IIS 7.5.

IIS 7.0

The <firewallSupport> element of the <ftpServer> element was introduced in FTP 7.0, which was a separate download for IIS 7.0.

IIS 6.0

N/A

Note: The FTP 7.0 and FTP 7.5 services shipped out-of-band for IIS 7.0, which required downloading and installing the modules from the following URL:

Note: You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.